winkey.dll and BKDR_PRORAT.13

MC

1) Followed the instruction below, but cannot get rid of this virus:

http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=bkdr_prorat.13&alt=prorat.13

The next scan, it will find this virus again. It identified as
BKDR_PRORAT.16. I suppose it is the same as .13

2) Found winkey.dll in c:\windows\system32. Denied delete. Renamed, but
cannot delete. Next time scanned, Trend Micro will detect this virus again.

3) If I don't get rid of it, what can (or will) happen to my computer?

Any help appreciated,
MC
 
David W. Hodgins

> 1) Followed the instruction below, but cannot get rid of this virus:
> http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=bkdr_prorat.13&alt=prorat.13
> The next scan, it will find this virus again. It identified as
> BKDR_PRORAT.16. I suppose it is the same as .13

Not a good assumption. According to trendmicro, bkdr.prorat.16 is normally
spread as a fake key generator for "EASY CD-DA EXTRACTOR".

I can't find any info on how prorat.13 is spread, but it's probably from choosing
to execute malware.

> 2) Found winkey.dll in c:\windows\system32. Denied delete. Renamed, but
> cannot delete. Next time scanned, Trend Micro will detect this virus again.
> 3) If I don't get rid of it, what can (or will) happen to my computer?

Given that both are remote administration tools (See
http://www.pestpatrol.com/PestInfo/p/prorat.asp for more info), you have
no way of knowing what has already been done. Your computer may well
be in use now, for sending out spam.

Once you've allowed a back door to run, the only safe thing to do is reformat,
and reinstall. You cannot count on any scanners detecting what other malware
may have been installed.

Assuming you're running XP, read http://isc.sans.org/presentations/xpsurvivalguide.pdf
before you reinstall.

Also read http://www.claymania.com/safe-hex.html to avoid future problems.

Sorry for the bad news, but cleaning up after a backdoor trojan is not the same
as cleaning up after a "regular" virus infection. If you check my past posts, you'll
see I very rarely suggest format/reinstall, but after a backdoor is installed, that's
the only safe way.

Regards, Dave Hodgins
 
